diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2021-01-22 14:00:32 +0300 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2021-01-22 15:55:22 +0300 |
| commit | 378f116a63ede40b685518641c5333945f78a918 (patch) | |
| tree | 5a69d6df4e6d7030d993337fc1c992831ede1a44 /apps | |
| parent | 9f81239033b1c386a1aa026632b63cbeb8f14df8 (diff) | |
Do not show 2FA settings if the user has no providers available
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/settings/lib/Settings/Personal/Security/TwoFactor.php | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/apps/settings/lib/Settings/Personal/Security/TwoFactor.php b/apps/settings/lib/Settings/Personal/Security/TwoFactor.php index ca20274b33d..61f249a3181 100644 --- a/apps/settings/lib/Settings/Personal/Security/TwoFactor.php +++ b/apps/settings/lib/Settings/Personal/Security/TwoFactor.php @@ -26,6 +26,9 @@ declare(strict_types=1); namespace OCA\Settings\Settings\Personal\Security; +use Exception; +use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor; +use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider; use function array_filter; use function array_map; use function is_null; @@ -42,6 +45,9 @@ class TwoFactor implements ISettings { /** @var ProviderLoader */ private $providerLoader; + /** @var MandatoryTwoFactor */ + private $mandatoryTwoFactor; + /** @var IUserSession */ private $userSession; @@ -52,10 +58,12 @@ class TwoFactor implements ISettings { private $config; public function __construct(ProviderLoader $providerLoader, + MandatoryTwoFactor $mandatoryTwoFactor, IUserSession $userSession, IConfig $config, ?string $UserId) { $this->providerLoader = $providerLoader; + $this->mandatoryTwoFactor = $mandatoryTwoFactor; $this->userSession = $userSession; $this->uid = $UserId; $this->config = $config; @@ -68,7 +76,10 @@ class TwoFactor implements ISettings { ]); } - public function getSection(): string { + public function getSection(): ?string { + if (!$this->shouldShow()) { + return null; + } return 'security'; } @@ -76,6 +87,35 @@ class TwoFactor implements ISettings { return 15; } + private function shouldShow(): bool { + $user = $this->userSession->getUser(); + if (is_null($user)) { + // Actually impossible, but still … + return false; + } + + // Anyone who's supposed to use 2FA should see 2FA settings + if ($this->mandatoryTwoFactor->isEnforcedFor($user)) { + return true; + } + + // If there is at least one provider with personal settings but it's not + // the backup codes provider, then these settings should show. + try { + $providers = $this->providerLoader->getProviders($user); + } catch (Exception $e) { + // Let's hope for the best + return true; + } + foreach ($providers as $provider) { + if ($provider instanceof IProvidesPersonalSettings + && !($provider instanceof BackupCodesProvider)) { + return true; + } + } + return false; + } + private function getTwoFactorProviderData(): array { $user = $this->userSession->getUser(); if (is_null($user)) { |